Building Block Security

This page describes how to restrict access to a page in your building block.

Entitlements

The primary means of restricting access to a building block is through the use of entitlements. These entitlements are simply strings of the form functional-area.ACTION.

For example,

The course.enrollment.MODIFY entitlement grants a user rights to modify an enrollment in a course.

The course.assessment.results.VIEW entitlement grants a user rights to view results in a course.

The course.content.CREATE entitlement grants a user rights to create content in a course.

The list of available entitlements can be seen by looking at the bb_bb60.entitlement table.

Every role in Blackboard has a set of entitlements attached to it. All the entitlements for particular roles can be viewed and modified on the Privileges page in the System Admin panel. However, for development purposes, it's easier to look directly in the database.

Enforcing entitlements

The easiest way to check entitlements is by using the static methods on the SecurityUtil class.

For example, to check whether a user has rights to modify an enrollment in a course, you could write.

The PlugInUtil class also has several methods you can use to check permissions, such as PlugInUtil.authorizeForCourseControlPanel(request, response). However, these methods will also generate a redirect to the front page if the check fails, which may interfere with your application logic.

Ensuring that a user is authenticated

To check that a user is authenticated, you can call the isAuthenticated() method on the user's BbSession object.

However, if you are using a framework like Spring or Stripes, calling HttpAuthManager.sendLoginRedirect may interfere with your application logic, and you may wish to just redirect to the root of your Blackboard install.
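
The following helper is an added example, not code from the original page or from Blackboard. It combines the authentication check and the entitlement check described above, and returns a boolean so that a Spring or Stripes handler keeps control of the flow. The class name EnrollmentAccessGate is hypothetical. The package names, the BbSessionManagerServiceFactory lookup and the String overload of SecurityUtil.userHasEntitlement are assumptions to verify against the API documentation for your release.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Package names below are assumptions; check them against your Blackboard API docs.
import blackboard.platform.security.SecurityUtil;
import blackboard.platform.session.BbSession;
import blackboard.platform.session.BbSessionManagerServiceFactory;

/** Hypothetical helper (not part of the Blackboard API). */
public final class EnrollmentAccessGate {

    // Entitlement string taken from the examples on this page.
    private static final String MODIFY_ENROLLMENT = "course.enrollment.MODIFY";

    private EnrollmentAccessGate() {}

    /**
     * Returns true only if the request may proceed. On false, the response has
     * already been answered (redirect or 403) and the caller must stop handling.
     * Assumes the Blackboard context for this request is already set, so the
     * entitlement is evaluated for the current user in the current course.
     */
    public static boolean allow(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        BbSession session = BbSessionManagerServiceFactory.getInstance().getSession(request);

        // Fail closed: a missing session is treated as unauthenticated.
        if (session == null || !session.isAuthenticated()) {
            // Redirect to the root of the install instead of calling
            // HttpAuthManager.sendLoginRedirect. Assumes Blackboard is served
            // from the host root; adjust the path if it is not.
            response.sendRedirect("/");
            return false;
        }

        // Authenticated but not entitled: answer 403 rather than redirecting,
        // so the framework is not surprised by a redirect it did not issue.
        if (!SecurityUtil.userHasEntitlement(MODIFY_ENROLLMENT)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        return true;
    }
}
```

Call the helper at the top of every handler that modifies enrollments and return immediately when it yields false; checking only on the page that renders the form leaves the action URL itself unprotected.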